التفاصيل البيبلوغرافية
| العنوان: |
Profiling Running Applications in Connected Devices Through Side-Channel and Machine Learning Techniques |
| المؤلفون: |
Vincenzo Rega, Domenico Capriglione, Fabrizio Marignetti, Mario Molinara, Andrea Amodei |
| المصدر: |
IEEE Access, Vol 12, Pp 170923-170935 (2024) |
| بيانات النشر: |
IEEE, 2024. |
| سنة النشر: |
2024 |
| المجموعة: |
LCC:Electrical engineering. Electronics. Nuclear engineering |
| مصطلحات موضوعية: |
Cybersecurity, side-channel, machine learning, measurements, vulnerability, application profiling, Electrical engineering. Electronics. Nuclear engineering, TK1-9971 |
| الوصف: |
In the field of cybersecurity, the ability to gather detailed information about target systems is a critical component of the reconnaissance phase of cyber attacks. This phase, known as cybersecurity reconnaissance, involves techniques that adversaries use to collect information vital for the success of subsequent attack stages. Traditionally, reconnaissance activities include network scanning, sniffing, and social engineering, which allow attackers to map the network, identify vulnerabilities, and plan their exploits. In this paper, we explore a novel application of side-channel analysis within system-based reconnaissance. Side-channel attacks, typically used to extract cryptographic keys or sensitive data through indirect observations such as power consumption or electromagnetic emissions, are here repurposed for a different kind of system intrusion. Specifically, we demonstrate how side-channel analysis and machine learning techniques can classify running processes on a target system that are very popular in common IoT applications. This approach is particularly concerning for IoT environments where devices often control critical infrastructure or handle sensitive data. The ability to identify active applications can reveal operation patterns, system behaviors, and potential vulnerabilities that traditional security measures may not protect against. Moreover, in IoT scenarios, this information can be leveraged to orchestrate sophisticated attacks targeting specific services or to exploit timing-based vulnerabilities when certain critical applications are running. By categorizing this approach as a form of local system-based reconnaissance, we highlight its potential to silently gather critical information about a system’s state. Such capabilities represent a significant breach of privacy and provide attackers with the intelligence needed to carry out more targeted and effective attacks. This research also underscores the evolving nature of reconnaissance techniques and the growing risks of advanced side-channel cybersecurity methods. |
| نوع الوثيقة: |
article |
| وصف الملف: |
electronic resource |
| اللغة: |
English |
| تدمد: |
2169-3536 |
| Relation: |
https://ieeexplore.ieee.org/document/10744013/; https://doaj.org/toc/2169-3536 |
| DOI: |
10.1109/ACCESS.2024.3491916 |
| URL الوصول: |
https://doaj.org/article/8fb6e45b12c24251bc103d1781483b62 |
| رقم الانضمام: |
edsdoj.8fb6e45b12c24251bc103d1781483b62 |
| قاعدة البيانات: |
Directory of Open Access Journals |
Full Text Finder